This invention relates generally to authentication data, and more particularly, to methods and systems for improving the security of secret authentication data during authentication transactions.
Secret Authentication (SA) data used during authentication transactions generally includes pass-phrases and answers to queries that are used to prove an individual is who he claims to be. As long as such authentication data remains secret, it may be used to generate trustworthy authentication transaction results. However, imposters have been known to surreptitiously obtain such secret data by spying on individuals entering their pass-phrases or answering queries during authentication transactions, and by using sophisticated techniques such as phishing. Imposters have also been known to successfully guess such secret data through trial and error.
As a result of surreptitiously obtaining SA data of individuals, imposters may be in a position to effectively steal the identities of these individuals by obtaining additional sensitive information about them such as social security numbers, credit card numbers, bank account numbers, and private medical records. Moreover, imposters have been known to conduct many types of fraudulent transactions, such as network-based transactions, with surreptitiously obtained SA data. Consequently, known authentication techniques that typically require users to enter the same SA data during authentication transactions may not adequately protect individuals against identity theft and the many types of fraudulent transactions that may result therefrom.
In an effort to eradicate such identity theft, these known authentication techniques have been supplemented with other authentication techniques by installing additional identification data on software or hardware tokens. However, generating the tokens themselves, constructing enrollment sites and systems for collecting enrollment information from individuals, procuring software and hardware to support token use, and maintaining such software and hardware systems are complex, expensive and time-consuming. It has also been known to conduct authentication transactions based on SMS messaging techniques. However, imposters have been known to circumvent such SMS messaging techniques.